BLOG

First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

Have you heard the big news? Limewire has shut down for good.

Want to know what other people are using as their alternative?

Find Out Here : http://www.phishingdomain.here.example.com

Our limewire alternative has been adopted by millions of limewire users around the globe.

Same great features, tons of files and it’s easy to use

Enjoy

Jimmy Choo
Limewire Insider

One of the very interesting things about this spam is that it came through an ESP. It looks like the customer of another ESP was compromised and their account used to send the spam.

Steve was notified of one of his addresses leaking and he’s not seen any spam to it. I suspect it’s a big enough group of addresses that the spammers are mailing them in chunks or importing them / cleaning them slowly.

Re: “One of the very interesting things about this spam is that it came through an ESP.”

Obvious question, but do you have the full message headers? If no (for example if the email came via Exchange) you really can’t be sure it came from an ESP. Happy to help in the unlikely event that you need it.

You can't technical your way out of the bulk folder. I wrote that a year and a half ago, and it's even more true today. Filters at the big webmail providers continue to evolve to meet new threats and new spamming techniques. Sending technically perfect mail won't get your mail into the inbox. Recipients have to want the mail and interact with the mail for good delivery.
No Comments